Authentication Bypass Archives • Daily CyberSecurity

Industrial Alert: Critical Auth Bypass (CVSS 9.2) Hits Moxa Switches Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Industrial Alert: Critical Auth Bypass (CVSS 9.2) Hits Moxa Switches

Ddos February 5, 2026

Unpatchable & Critical: CISA Issues CVSS 10.0 Alert for Synectix Adapters CVE-2022-35914 Synectix LAN 232 TRIO CVE-2026-1633

Unpatchable & Critical: CISA Issues CVSS 10.0 Alert for Synectix Adapters

Ddos February 4, 2026

SolarWinds Web Help Desk Hit with Multiple RCE and Auth Bypass Vulnerabilities CVE-2024-23476 & CVE-2024-23479 SolarWinds Web Help Desk Unauthenticated RCE

CVE-2024-23476 & CVE-2024-23479 SolarWinds Web Help Desk Unauthenticated RCE

SolarWinds Web Help Desk Hit with Multiple RCE and Auth Bypass Vulnerabilities

Ddos January 28, 2026

Under Attack: Critical Fortinet Auth Bypass (CVE-2026-24858) Exploited in the Wild Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

Under Attack: Critical Fortinet Auth Bypass (CVE-2026-24858) Exploited in the Wild

Ddos January 28, 2026

Lock the Front Door: The “Localhost” Loophole Leaving Thousands of Clawdbot Agents Exposed Clawdbot security bypass

Lock the Front Door: The “Localhost” Loophole Leaving Thousands of Clawdbot Agents Exposed

Ddos January 27, 2026

PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware Oracle E-Business Suite RCE CVE-2025-61882 PoC

PoC Released for Critical Oracle E-Business Suite Flaw Exploited by Ransomware

Ddos January 26, 2026

“New” Path of Attack: Fully Upgraded Fortinet Devices Hit by SSO Exploits Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

Fortinet patch bypass 2026, FortiGate SSO authentication exploit SharePoint Zero-Day, China APTs Exploited Vulnerabilities 2023

“New” Path of Attack: Fully Upgraded Fortinet Devices Hit by SSO Exploits

Ddos January 23, 2026

“Enjoy Your Admin Access”: Critical SmarterMail RCE Exploited in the Wild WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

“Enjoy Your Admin Access”: Critical SmarterMail RCE Exploited in the Wild

Ddos January 22, 2026

GitLab Alert: High-Severity 2FA Bypass & DoS Flaws Patched in Urgent Update GitLab Security Update CVE-2026-0723 CVE-2023-7028 & CVE-2023-5356 GitLab vulnerability, DoS flaw

GitLab Security Update CVE-2026-0723 CVE-2023-7028 & CVE-2023-5356 GitLab vulnerability, DoS flaw

GitLab Alert: High-Severity 2FA Bypass & DoS Flaws Patched in Urgent Update

Ddos January 21, 2026

10-Year-Old GNU Inetutils Telnetd Flaw Lets Hackers Log In as Root via “-f root” GNU Inetutils Telnetd Root Authentication Bypass

10-Year-Old GNU Inetutils Telnetd Flaw Lets Hackers Log In as Root via “-f root”

Ddos January 21, 2026

CVE-2026-0629: TP-Link VIGI Flaw Lets Attackers Reset Admin Passwords TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

CVE-2026-0629: TP-Link VIGI Flaw Lets Attackers Reset Admin Passwords

Ddos January 21, 2026

Critical ABB Alert: OPTIMAX Flaw Allows Full System Takeover ABB OPTIMAX Vulnerability CVE-2025-14510 ABB Edgenius Auth Bypass, Critical RCE ABB, ASPECT BMS CVE-2024-48841, CVE-2024-48849, and CVE-2024-48852 CVE-2024-48510

Critical ABB Alert: OPTIMAX Flaw Allows Full System Takeover

Ddos January 19, 2026

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root CVE-2022-38065 OpenStack Vulnerability CVE-2026-22797

OpenStack Admin Forgery: CVE-2026-22797 Lets Users ‘Ask’ for Root

Ddos January 16, 2026

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

Cal.com Vulnerability CVE-2026-23478 Cal.com Auth Bypass, TOTP Logic Flaw

One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA

Ddos January 15, 2026

Critical Centreon Alert: 9.8 Severity Flaw Exposes IT Monitoring CVE-2024-55573 & CVE-2024-53923 Centreon AWIE Vulnerabilities CVE-2025-15029

Critical Centreon Alert: 9.8 Severity Flaw Exposes IT Monitoring

Ddos January 9, 2026

WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-66848: Critical Flaw in JD Cloud Routers Grants Hackers Root Access

Ddos January 5, 2026

CVE-2025-68926: Critical Hardcoded Credential Flaw Exposes RustFS Storage Clusters RustFS, Hardcoded Token (CVE-2025-68926)

CVE-2025-68926: Critical Hardcoded Credential Flaw Exposes RustFS Storage Clusters

Ddos January 2, 2026

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Hijacked Mobility: CISA Warns of Critical 9.8 Flaw Allowing Remote Control of WHILL Power Chairs

Ddos January 1, 2026

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control CVE-2024-29868 Apache StreamPipes, CVE-2025-47411

CVE-2025-47411: Critical Apache StreamPipes Flaw Allows Standard Users to Seize Admin Control

Ddos December 31, 2025

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login

Ddos December 30, 2025